Elementor Exposure

Page builders, WordPress plugins
Exposure score: 717
Sites using it: 960,635
Under exploitation: 0
Critical: 47
Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1535 results

CVE-2025-13997 [MEDIUM] King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure (EPSS 0.2%)
CVE-2025-22671 [MEDIUM] WordPress Disable Elementor Editor Translation plugin <= 1.0.2 - Broken Access Control vulnerability (EPSS 0.2%)
CVE-2025-8196 [MEDIUM] Magical Addons For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes (EPSS 0.2%)
CVE-2026-3875 [MEDIUM] BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes (EPSS 0.2%)
CVE-2025-8146 [MEDIUM] Qi Addons for Elementor <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget (EPSS 0.2%)
CVE-2026-1512 [MEDIUM] Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget (EPSS 0.2%)
CVE-2025-8216 [MEDIUM] Sky Addons for Elementor <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets (EPSS 0.2%)
CVE-2025-11536 [MEDIUM] Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery (EPSS 0.2%)
CVE-2025-8488 [MEDIUM] Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update (EPSS 0.2%)
CVE-2025-7046 [MEDIUM] Portfolio for Elementor & Image Gallery | PowerFolio <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS (EPSS 0.2%)
CVE-2025-8619 [MEDIUM] OSM Map Widget for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL (EPSS 0.2%)
CVE-2024-52387 [MEDIUM] WordPress Master Addons plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability (EPSS 0.2%)
CVE-2025-26761 [MEDIUM] WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability (EPSS 0.2%)
CVE-2025-26769 [MEDIUM] WordPress Vertex Addons for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability (EPSS 0.2%)
CVE-2025-46225 [MEDIUM] WordPress Post in page for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability (EPSS 0.2%)
CVE-2025-8360 [MEDIUM] LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets (EPSS 0.2%)
CVE-2024-13354 [MEDIUM] Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting (EPSS 0.2%)
CVE-2024-12189 [MEDIUM] WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting (EPSS 0.2%)
CVE-2024-12043 [MEDIUM] Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting (EPSS 0.2%)
CVE-2025-8603 [MEDIUM] Unlimited Elements For Elementor <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting (EPSS 0.2%)
